A website that bills itself as providing a safer way to store Bitcoin and other digital currencies has been using a coding sleight of hand to generate private keys that are suspiciously trivial for the operators to guess, leaving all funds stored in the wallets open to theft, researchers with a different service said on Friday.

WalletGenerator.net provides code for creating what are known as paper wallets for 197 different cryptocurrencies. Paper wallets were once billed as a secure way to store digital coins because—in theory, at least—the private keys that unlock the wallets are stored on paper, rather than on an Internet-connected device that can be hacked. (In reality, paper wallets are open to hack for a variety of reasons.) While the site advises people to download the code from this Github page and run it while the computer is unplugged from the Internet, it also hosted a simpler, stand-alone service above all the instructions for generating the same wallets.

Researchers from MyCrypto, which provides an open-source tool for cryptocurrency and blockchain users, compared the code hosted on Github and WalletGenerator.net and found some striking differences. Sometime between August 17 and August 25 of last year, the WalletGenerator.net code was changed to alter the way it produced the random numbers that are crucial for private keys to be secure.

The nominees for board gaming's biggest award, the German "Spiel des Jahres" trophy, were announced this week and feature a total absence of entries from designers Wolfgang Warsch and Michael Kiesling. (If you have no idea what I'm talking about, those two absolutely dominated last year's awards).

This year, the jury of German critics went with light, easy-to-teach games for the family-friendly "Spiel des Jahres" award. Just One and Werwörter (Werewords in English) are word-based party games, while L.A.M.A. is a card-shedding game from design legend Reiner Knizia. All three play in under 20 minutes (!).

Enlarge / From left to right: the iPhone 8, the iPhone XS, the iPhone XR, and the iPhone XS Max. (credit: Samuel Axon)

Just a little over a week after iOS 12.3 hit iPhones and iPads everywhere, Apple has released iOS 12.3.1—a minor update that fixes a couple bugs. Earlier this week, Apple also released a supplemental update for macOS 10.14.5 to fix issues with the T2 chip on some MacBook Pros, addressing a common user complaint.

The iOS update primarily focused on fixing some issues with the Messages app. More specifically, it addresses a bug that prevented the "report junk" option from appearing on applicable threads and another one that made unknown senders appear in your main inbox when they shouldn't. Additionally, it addresses an issue that affected VoLTE calls.

How many more Star Wars films and TV series do we need? Our answer to that question became "at least one more" when we learned on late Thursday that a pretty juicy Lucasfilm project is in the works: the first-ever Knights of the Old Republic film.

Buzzfeed News says the project is currently linked to only one person: screenwriter Laeta Kalogridis, who has worked on scripts for Terminator Genisys, Netflix's Altered Carbon, and Alita: Battle Angel (meaning no actors, directors, or producers are currently attached, which should indicate how early-stages this project currently is). This script, according to Buzzfeed, is the first of a possible trilogy. If true, that would slam Kalogridis's project up against Star Wars film trilogies from Game of Thrones showrunners D.B. Weiss and David Benioff and from The Last Jedi director/screenwriter Rian Johnson.

There's always a chance that this KOTOR-linked screenplay is the first step in a protracted process that never leads to production (spec scripts tend to come before true film development) or that it turns into something tailored for the upcoming Disney+ streaming service. Still, the KOTORvideo game franchise, shepherded by the game makers at BioWare, has always been beloved for its characters and scripts. Even its MMO incarnation, which launched in 2011 to uneven reviews, has been consistently lauded for its engrossing universe and stories. Hence, we'll join our fellow Star Wars nerds and begin optimistically drooling already.

Enlarge / Trump's memorandum to agency heads gives Attorney General William Barr authority to declassify or downgrade classification of anything he sees fit in his investigation into "intelligence activity" around the 2016 presidential election. (credit: Chip Somodevilla/Getty Images)

Late in the day on May 23, President Donald Trump signed a memorandum ordering the heads of the Departments of Defense, Energy, and Homeland Security, and the Directors of National Intelligence and the Central Intelligence Agency to give Attorney General William Barr unfettered access to information about "intelligence activities relating to the campaigns in the 2016 Presidential election and certain related matters." The memorandum gives Barr the authority to declassify or downgrade the classification of any information he sees fit as part of the investigation.

Barr's investigation is not into electoral interference by foreign actors during the 2016 presidential campaign, but rather into whether US law enforcement and intelligence illegally spied on the Trump campaign. In an interview with Fox News earlier this month, Barr explained that "people have to find out what the government was doing during that period… If we're worried about foreign influence, for the very same reason we should be worried about whether government officials abuse their power and put their thumb on the scale."

The memorandum states that Barr can "declassify, downgrade, or direct the declassification or downgrading of information or intelligence that relates to the Attorney General's review." No restrictions are placed on what Barr can declassify, other than an instruction that "the Attorney General should, to the extent he deems it practicable, consult with the head of the originating intelligence community element or department."

Forty-seven Democratic members of Congress are calling for a net neutrality compromise with Republicans, who have refused to support a full restoration of the net neutrality rules repealed by the Ajit Pai-led Federal Communications Commission.

The Democratic-majority US House of Representatives voted in April to pass the Save the Internet Act, which would restore the Obama-era FCC's net neutrality rules. But Senate Majority Leader Mitch McConnell (R-Ky.) declared the bill "dead on arrival" in the Republican-majority Senate.

Republican lawmakers say they'll only accept a net neutrality law that isn't as strict—even though large majorities of both Democratic and Republican voters support the FCC's old net neutrality rules. On Wednesday, dozens of Democrats asked their party leadership to compromise with the GOP leadership.

Director Stefon Bristol's See You Yesterday is something of an anomaly in the pantheon of time travel movies, straddling multiple genres. With its central tragedy, theme focused on the unintended consequences of new technology, and strong social conscience, it's more Black Mirror than Back to the Future. As such, it fits nicely into a small subgroup of quietly innovative time travel films like 2012's Safety Not Guaranteed.

The premise: two teenage science nerds in the Flatbush neighborhood of Brooklyn build a makeshift time machine to right a tragic wrong. C.J (Eden Duncan-Smith) and her best friend and fellow science whiz Sebastian (Dante Crichlow), nicknamed Bash, have just wrapped their junior year at the Bronx High School of Science. They're putting the finishing touches on a pair of portable time travel devices for an upcoming science fair, and they're naturally ecstatic when they succeed on their next attempt at a Temporal Relocation Test, traveling back one full day.

That light-hearted tone quickly turns dark. In an all-too-familiar scenario, C.J.'s older brother Calvin (the rapper Astro) runs afoul of a trigger-happy NYPD officer, who mistakes Calvin pulling a cell phone out of his pocket for a weapon and shoots him dead. C.J. figures she and Sebastian can use their science project to travel back in time to save Calvin. Who among us wouldn't want to try to reverse such a tragedy? But as you might expect, there are some serious unintended consequences to her plan.

Enlarge / An Agta family relaxing in the afternoon. (credit: Mark Dyble)

For most of our history, humans got hold of food like any other animal: by hunting and foraging, moving around to find the best resources. Settling down in one place to cultivate crops is a comparatively recent development. But once it started around 12,000 years ago, agriculture spread through human cultures across the world, fundamentally changing our societies, genomes, and possibly even languages. In many ways, farming seems to have been terrible news for the people who adopted it, leading to poorer nutrition and greater social inequality—but it also resulted in higher fertility rates and a massive population expansion.

Understanding how and why this technological change was adopted remains a challenge. Studies mostly rely on fossil evidence, but there are also clues in the modern world, as some present-day groups of people are moving away from hunting, fishing, and gathering their food and toward agriculture.

A paper published in Nature Human Behaviour explores how this shift affects the time budgets of hunter-gatherers in the Philippines, finding that women who participate more in agricultural work have less leisure time—around half the leisure time of women who prioritize foraging. The results fall in line with past research that challenges the concept of hunting and foraging as arduous work with scant rewards, and this work contributes to a growing understanding of the social dynamics that go along with a shift to agriculture.

In the wake of the ransomware attack that has kept city networks and infrastructure shut down now for over two weeks, Baltimore officials—including the mayor and city council members—set up Google Gmail accounts as a backup communications channel. But earlier this week, Google's automated systems shut the accounts down, instructing the account holders to purchase a business account.

"These account were disabled because the creation of a large number of new accounts triggered Google’s automated security system," a Google spokesperson told Ars. "The threshold is around 50 accounts, so more than 50 accounts triggered its systems."

On May 23, a Google spokesperson said through the company's Twitter account, "We have restored access to the Gmail accounts for the Baltimore City officials. Our automated security systems disabled the accounts due to the bulk creation of multiple consumer Gmail accounts from the same network."

Welcome to Edition 2.01 of the Rocket Report! This week marks one year since the first report. What started as an experiment has grown into something that a lot of people read. So thank you for joining. And if you appreciate this weekly report and the effort that goes into it, I encourage you to subscribe to Ars Technica. It doesn't cost much, and there are perks. But mostly you'll know you're supporting independent journalism like this. Thank you for considering it.

As always, we welcome reader submissions, and if you don't want to miss an issue, please subscribe using the box below (the form will not appear on AMP-enabled versions of the site). Each report will include information on small-, medium-, and heavy-lift rockets as well as a quick look ahead at the next three launches on the calendar.

Virgin performs full-duration hotfire test. On Tuesday, Virgin Orbit announced that it had performed the "final full-duration, full-scale, full-thrust—hell, full everything—test firing" of its LauncherOne rocket's first stage. The firing lasted for more than 180 seconds and was entirely successful, the company reported. Virgin said the rocket, which will be launched from beneath the wing of an airplane, was within an "arm's reach" of its first orbital flight test.

11:40pm ET Update: The Falcon 9 rocket launched. Its first stage landed. And then the second stage coasted for the better part of an hour before making a final burn and deploying its payload of Starlink satellites.

About 1 hour and 3 minutes after the launch, the entire stack of 60 satellites floated away from the Falcon 9's second stage. Slowly—very slowly, it appeared—the 60 satellites began to drift apart. The SpaceX webcast ended without saying whether this deployment went as anticipated, and it probably will take some time for the Air Force to begin identifying and tracking the individual satellites.

Google's official Play Store has been caught hosting malicious apps that targeted Android users with an interest in cryptocurrencies, researchers reported on Thursday.

In all, researchers with security provider ESET recently discovered two fraudulent digital wallets. The first, called Coin Wallet, let users create wallets for a host of different cryptocurrencies. While Coin Wallet purported to generate a unique wallet address for users to deposit coins, the app in fact used a developer-owned wallet for each supported currency, with a total of 13 wallets. Each Coin Wallet user was assigned the same wallet address for a specific currency.

"The app claims it lets users create wallets for various cryptocurrencies," ESET Malware Researcher Lukas Stefanko wrote in a blog post. "However, its actual purpose is to trick users into transferring cryptocurrency into the attackers' wallets—a classic case of what we named wallet address scams in our previous research of cryptocurrency-targeting malware."